These "gag orders" are the spawn of a sick, twisted, FAKE legal system. If the government doesn't want you to shout it from the roof-tops, then the government shouldn't tell it to you in the first place. The government has absolutely no constitutional legal basis to compel you to "cooperate" in secrecy with some long, drawn-out investigation of a third party. That is absolutely outrageous, as is the entire premise behind these silly "warrant canaries." Leave the birdies for the badminton players, stand up for your rights, and stop spreading this kind of disinformation on the Internet.

If the government has a warrant, let them bust in the door while the news reporters have video cameras rolling. Otherwise, GET OFF MY PROPERTY, because I don't have a clue who you are or what country you represent.

Now that Donald Trump's children are in charge of his business empire, they wouldn't dare to talk about anything that is going on in the Oval Office. Because, well, that would just be unfair. So UNFAIR... Tutanota's encrypted emails are just the perfect tool for Donald Trump as it is not only secure but at the same time as easy as his previous Gmail account. Sources say, he did try to use Signal, but gave up again because Donald Trump claimed that it was too difficult for his big hands to type on a tiny phone display.

The Berlin Tagesspiegel reports that the Bundesnetzagentur (German network authority) has decided to prohibit a doll called "Cayla", and calls for parents to take them away from their children and DESTROY them (I mean the toy, not the kids). What? Just removing the batteries or avoiding registration on your router isn't enough?

The network-enabled toy is considered a dangerous spying device that grossly contravenes privacy laws. It also enables strangers to get in contact with kids.

The tone of the report is quite drastic: "Even mere ownership is punishable by law"! Might this have something to do with the fact that all collected data are delivered to and stored on servers in Trump-Land?

I feel it's something of an unusual move from that department, and am curious about the authority under which they operate.

Usually a product withdrawal/recall (e.g. for the presence of lead-based pigments) would be performed by another branch of the German Federal Ministry of Commerce (BMWi) responsible for the Product Safety Act, the Regulation Regarding the Safety of Toys, and the EU regulations they implement. At a quick glance at the text source I can't find a cross-reference in these (2. ProdSV) to data and privacy regulations.

I'm looking forward to a presentation at 34C3 on hacking these things. ;-)

Why did former political appointees Director of National Intelligence Clapper and Attorney General Lynch authorize that raw, unfiltered NSA data-mining of USA citizens be widely shared without safeguards? Their motivation has become rather obvious; they did not want their eight years of work to be unraveled. Making the leaks harder to trace was a planned feature.
https://duckduckgo.com/html?q=lynch%20clapper%2016%20intelligence%20agencies

From Terrorism to Politics
These officials authorized a blatantly unconstitutional political weapon to perform unreasonable searches of innocent Americans. It’s used in secret without probable cause, warrant, court oversight, logs or privacy safeguards. Further, there is no accountability or consequences for misuse of data unless discovered. Have SIGINT communications leaks become inputs to taxpayer funded political action committees to fit an agenda?

Snowden Findings Embarrassingly Ignored
The apparently clueless targets do not understand that their cell phone communications are monitored by opponents remotely from anywhere in the world.
How dumb is it to comically use live cell phone flashlights (for video and audio) during national security incidents? Everyone (except the uncleared waiters) should be fired for sheer stupidity. North Korea's real-time intelligence (including Facebook) plan was executed perfectly. They must be laughing hysterically at their amateur opposition.
http://www.phonearena.com/news/This-60-Minutes-report-should-scare-all-smartphone-users_id80321

Basic human rights insist on privacy for both quality of life and to be productive in society.
Powerful governments and corporations cannot unreasonably search sensitive databases of political foes or the competition. Our precious constitution states there must be checks and balances including probable cause and unbiased and independent judicial oversight. Otherwise our lobbyist run country will be consumed by daily rancor and extreme stress.

Aren’t these invasive tools supposed to be for fighting terrorism and not turned upon each other?

In offering solutions to our crippling excess, America should look to other countries who have successfully implemented cost-effective health-care systems or data-mining protections. For example check out India’s privacy-first policies.
God help our both clueless and vindictive America.

'Tito Karnavian told the Associated Press that Siti Aisyah, 25, received payment to be involved in a prank for Just For Laughs, a popular TV show. He said she and another woman carried out stunts that persuade men to close their eyes and then spray them with water.

"Such an action was done three or four times and they were given a few dollars for it, and with the last target, Kim Jong Nam, allegedly there were dangerous materials in the sprayer," Karnavian told the AP.'

Is it odd that two weeks ago we had someone warning us about banaca? And you guys are all worried about handguns. Where do we hide the trees?

Super scary - After the Associated Press (AP) published the statement, Zuckface deleted the bit about using AI to monitor users. Then the AP story did too.
Winston Smith - the 'censor of history', now AI, payment, or coercion?

What happened to the Giganews post; it was Nº 11 in the queue? I didn't have time to read it when I first visited this site, but when I returned now it appears to be gone. Maybe I'm just overlooking it...I'll recheck the list.

@ Edward M
Many years back, our host (@Bruce) recommended the following for crossing borders: Full disk/phone encryption. The carrier does not possess the password. The password is later sent by a friend(s) (preferably segmented) upon reaching the destination. Nowadays, I would not be surprised to find such cautious persons permanently housed in the concrete labyrinth beneath the concourse. Some encryption tools offer "deniable folders", but if it is not "full disk" it is open to side channels, and the traveler is facing a state level actor with both zero-days and rubber hoses.

@ Subversion #9

Definitely on the All Time Greatest Hits list. Anyone not familiar with the program. It features (until just now) harmless but baffling stunts pulled on unsuspecting passers-by.

It does remind me of the scheme where a job ad on Craig's List had a dozen applicants appear at the same place at the same time in near identical garb. Only one was an armored car robber. People are gullible. Working in a familiar theme makes them more so.

What's bothering me, amid all these quotes in the last couple weeks I am seeing major spelling errors and word-substitution as if things are being written via swype on Android keyboards for major news outlets.

Am I crazy? Does anyone keep a tally of the average spelling accuracy of our (US) national news outlets?

Are these "breaking" repetitive news stories so important that all editing is thrown to the wind? If you can't see the word 'single' substituted for 'something' when you have 5 other 100% quotes to compare to, wtf?

What's bothering me, amid all these quotes in the last couple weeks I am seeing major spelling errors and word-substitution as if things are being written via swype on Android keyboards for major news outlets.

It's not just that, it's the abrupt changes in tense mid-sentence etc., suggesting that the sentences have been "cut-n-pasted" together via poor editing.

You can also see similar incorrect use of tense by some of the more radical posters that have sprung up "as though from dragon's teeth" since the start of the change from one US executive to the current executive.

Which begs the question as to if there is a link between them or not...

I have no idea what this is. It has no description of how it works on the homepage. That it's just software makes me doubt it's a TRNG in the first place. The code is assembly I can't read. I suggest people stay clear of this thing.

@ Clive

There was another conversation about Secure Drop and similar things on Hacker News. Thomas Ptacek was running most of the debate it seems. I couldn't resist the curiosity to know what the guy looks like, how he talks in person, etc. Such things, esp. body language & facial expressions, sometimes reveal a lot about someone's character. Probably should've done that long ago but I found this RSA interview on YouTube.

What does that style tell you? Hint: some of what it took me some time to learn in debates. All in just a few minutes. ;)

@ All

In interests of verification of chips or components, I keep looking to see what happens with things like hobbyist electron microscopes. For atomic force, I found one OSS and one cheap. For hardware, PULPino project added vector instructions and some other goodies to its open-source, embedded RISC-V. For crypto, a Galois Inc rep delivered a talk on ultra-low-power, high-assurance, asynchronous crypto in hardware. They also wrote a paper with tips they learned doing a high-assurance drone for DARPA. For protocols, Microsoft Research is kicking ass again on verification.

My reading of newspapers and newsmagazines online has been growing steadily in recent years ... it now takes up a lot of my time.

Yes, it is my impression that spelling and word usage have gotten very distinctly worse.

My supposition has been that this is a by-product of internet in two ways:

1) Revenues have fallen drastically, because subscriptions have declined sharply and the ad market is now super-competitive. So, all of these organizations are cutting staff, including the near-extinct (but damned useful) category of copy editor. Though why they don't use a decent spelling/grammar checker, I don't know.

2) Now that online news publication is continuous, the pressure to get stories "out there" is relentless. There used to be a "deadline" time once or twice each day, and stories could be prepared with some deliberateness if deadline wasn't imminent. Now, whether it's 2 pm or 2 am, news outlets want to get breaking news published in the fewest number of minutes.

These are only my surmises, I don't have any empirical data to back them up as causes of lousy copy (though there is plenty of data on the underlying trends I mentioned).

"Yes, it is my impression that spelling and word usage have gotten very distinctly worse.

"My supposition has been that this is a by-product of internet in two ways: ..."

My great-grandfather was editor of a Finnish newspaper in Astoria, or so I was told from my youth. Finns, for example, are often reluctant to use definite or indefinite articles. In any case, the general decline of spelling and word usage, (i.e. the use of Russicisms,) strikes a primordial ancestral fear and alarm within me: The Russians are coming! The Russians are coming!

'McCain acknowledged that leaks have the potential to do damage to national security. But he made a surprisingly impassioned case for them in an era when truth is hard to come by. “In democracies, information should be provided to the American people,” McCain said. “How else are the American people going to be informed?”'

“If you want to preserve democracy as we know it, you have to have a free and, many times, adversarial press,” McCain added. “And without it, I am afraid that we would lose so much of our individual liberties over time. That's how dictators get started.”

Amusing to hear you admit without embarrassment that you're too inept to identify and counter malware or MITMs on a link. Are you afraid to visit the whole internet, or do Mommy and Daddy protect you with some sort of Net Nanny? Downright poignant to see that you are ignorant of unz review. Having already learned that you're afraid of Tor and i2p because it might get you in trouble or something, the bathos is overwhelming.

Most Internet users are like children in the snow, they run around having fun, leaving nearly every footprint clear to the eye of those that care to look.

Well, Internet users are now realising in the last 18-36 months that they have to grow up and become adults.

One reason is the interesting comment that there have been more credit card details compromised in the US in the last 48 months than there are individuals in the US that hold credit cards... And most of those compromises that make it into the news headlines are about "Internet Hackers take XXX million Customer details...". This has been backed up by people being sent letters about the fact that their CC or other details have been stolen and as part of the remediation package they get a year's free credit checking etc.

This need to grow up has been exacerbated by "Digital Stalking" and "Abusive Ex" stories about how easy it was for some low life with an apparently even lower IQ to track down and do harm to their victims.

The problem for most is that unlike the snowy footprints of children at play, digital footprints do not melt away in the cold light of day.

There have been one or two MSM press articles but they invariably offer a mish mash of advice often conflicting and often fanciful. Even advice from experts is often seen by other experts as not advice they would give[1].

That's not to say experts are wrong but their Point of View is their point of view and is thus singular to them, not you.

Back in Charles Dickens' time, it was considered "important to be widely read", something that is now no longer possible due to the sheer quantity of reading available. Thus the trick these days is to be selectively read in as broad a manner as is possible in the time you have.

Thus the key to reducing the load being the selection process. To that end people might want to give this a read,

[1] I'm noted for comments like "Paper Paper NEVER DATA", "Energy Gapping", "With cash they can only take what's in your pocket", "Never leave ammunition for the enemy", "Needless Trust is death in waiting", etc. Which used to be considered extreme even for high risk individuals I'd advise... but of more recent times many are wishing they had practiced ten or twenty years ago. Times change and as the old saying says "Makes fools of us all", for instance even cash is getting traceable these days...

Her collaboration was a good read. I see it as one of many pieces of a marketing goldmine that nonprofit businesses can use to produce tools that solve those problems. Then, the experts can just say "use X" like they do with Signal, phone backups, prepaid cards, and so on.

"Trump is now calling the media the enemy of the people for pointing out that we have a bumbling idiot as President"

I didn't know the previous presidents weren't bumbling idiots. Now suddenly everyone's worried about Trump's supposed idiocy, well, Obama was such a caricature but nobody seemed to bother. Not to mention Bush.

At least Trump speaks out of his mind instead of pretending to be "nice".

If you don't teach reading by phonics then you get spelling errors and functional illiteracies spread throughout the populace. Eventually people start to notice but most haven't a clue as to why it occurs.

Writing is encoding sounds, reading is playing the sounds back in your head.

The idea that you can magically encode as icons in your head the 700,000 words in an old major dictionary is ludicrously stupid since other societies that do so have an upper limit of 50,000 characters for well educated scholars. That's why they have switched to syllabaries.

Short version: it isn't the internet's fault that cloddy cain't read or spell anymore.

The recent growth in the amount of forced unlocking and copying of smartphone encrypted contents might be a worrying sign that privacy and security are not to be expected anywhere in the world.

These occurrences can happen to diplomats, officials, businessmen, travelers and anyone. This is an especially worrying sign for diplomats and officials from foreign countries who might be crossing borders on official business and whose corporate or Government issued smartphones might be searched.

The likes of secure containers ranging from Good Technology, Blackberry's MDM to Samsung KNOX have attempted to address issues using secure separation of work and mundane data in encrypted corporate containers that leverage ARM TrustZone.

We can go about talking about high assurance techniques and technologies, which include data diodes and carrying paper data instead of electronic data, but the fact is that most corporate environments and businesses do not look at the problem in a high assurance approach. Most businesses prefer to use out-of-the-box commercial security solutions and most commercial security solutions are pretty low assurance anyway.

The game in security is to not be the low hanging fruit by using whatever deception that is available to get the job done.

Putting aside the idealistic scenarios of using high assurance technologies, and the suspicion that TEE-OSes might contain persistent problems for enterprise and personal security by means of Exceptional Access, the use of TrustZone backed secure containers for a segregated workspace together with a MicroSD Secure Element HSM chip setup to prevent key material extraction (enabling Strict FIPS 140-2 mode) raises the bar for most attack scenarios while maintaining compatibility with existing technology, and can be used to prevent compromise of corporate or governmental data in tricky situations.

Such MicroSD card HSMs are getting very common and cheap and the common ones are from G&D, SecuSmart, Gemalto, Smartcard-HSM et al. These MicroSD HSMs may come with FIPS 201 PIV standards or even FIPS 140-2 configuration with up to Level 3 or even 4.

The MicroSD card HSM would store a PIV user certificate for PKI based user authentication into corporate MDM servers and networks (i.e. a secure VPN network). The MicroSD HSM would contain two PINs (user PIN and duress PIN, as usual :D ). The secure container would only be accessible via the MicroSD HSM's PIV user private key to unwrap and attest the integrity of the container header in the TrustZone environment, thus making it impossible to access the container without access to the MicroSD HSM.

Upon successful loading of the secure container, the PIV user certificate is used to establish a secure link within the secure container back to the MDM server to download updates for the container and to access corporate information and working drafts of documents. When the container is closed, the working drafts are pushed back to the MDM server and the drafts are destroyed before re-encrypting the container within TrustZone, thus making the secure container essentially a sort of Thin Client. The container should only contain minimal software for the operation of the Container-based Thin Client environment, thus ensuring that no stored data is available when requested.

Documents that need to be bound to a specific handset can be handled by storing within the container's keystore a device attestation token, which is stored encrypted within the Container-based Thin Client environment. Requesting handset bound documents would not only require the PIV user certificate attestation but also the device attestation token stored within the encrypted container, so now you will need the handset and the MicroSD HSM to actually pull the document for viewing and editing.

Do note that my heavy mentioning of FIPS standards is due to the fact that the target audiences are mostly Governmental and Corporate people who have a need to protect secrecy using available COTS and have little time to tinker around and use non FIPS approved COTS.
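One way to realise the container scheme this comment sketches, as an added example that is not code from the post, from any of the named vendors or from a standard: the MicroSD HSM is simulated as a struct holding the RSA private key and two PINs, the container key is wrapped to it with RSA-OAEP, the container header is sealed with AES-GCM so that opening it is the integrity attestation, and each document key is derived from the container key plus the handset's attestation token, so a copy of the container on another handset cannot release the document. The type and function names, the header string, the token values and the policy that the duress PIN destroys the key material are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SimHSM stands in for the MicroSD PIV applet: the private key never leaves it.
type SimHSM struct {
	priv               *rsa.PrivateKey
	userPIN, duressPIN string
}

// Unwrap decrypts the wrapped container key inside the HSM after checking the PIN.
// Destroying the key on the duress PIN is an assumed policy; the post only says one exists.
func (h *SimHSM) Unwrap(pin string, wrapped []byte) ([]byte, error) {
	if pin == h.duressPIN {
		h.priv = nil
	}
	if h.priv == nil {
		return nil, errors.New("hsm: key material destroyed")
	}
	if pin != h.userPIN {
		return nil, errors.New("hsm: bad PIN")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, h.priv, wrapped, []byte("container-key"))
}

// Container is what the TrustZone side stores: the container key wrapped to the PIV public
// key, an AES-GCM sealed header (its tag is the integrity attestation) and a document
// sealed under a key that also depends on the handset's attestation token.
type Container struct{ WrappedKey, Header, Doc []byte }

// gcm returns AES-256-GCM; every key here is exactly 32 bytes, so these errors cannot occur.
func gcm(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	return g
}

func sealBlob(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error in current Go releases
	return append(nonce, g.Seal(nil, nonce, plaintext, aad)...)
}

func openBlob(key, blob, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("truncated blob")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// docKey binds a document to one handset: SHA-256(containerKey || deviceToken).
func docKey(containerKey, deviceToken []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, containerKey...), deviceToken...))
	return sum[:]
}

// Provision is the MDM-server side: a fresh container key is wrapped to the PIV public
// key, the header is sealed under it and the document under the handset-bound key.
func Provision(pub *rsa.PublicKey, header string, deviceToken, doc []byte) (*Container, error) {
	ck := make([]byte, 32)
	rand.Read(ck)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ck, []byte("container-key"))
	if err != nil {
		return nil, err
	}
	return &Container{wrapped, sealBlob(ck, []byte(header), []byte("header")),
		sealBlob(docKey(ck, deviceToken), doc, []byte("doc"))}, nil
}

// OpenContainer unwraps the key through the HSM and attests the header before any use.
func OpenContainer(h *SimHSM, pin string, c *Container) ([]byte, string, error) {
	ck, err := h.Unwrap(pin, c.WrappedKey)
	if err != nil {
		return nil, "", err
	}
	hdr, err := openBlob(ck, c.Header, []byte("header"))
	if err != nil {
		return nil, "", errors.New("container header failed integrity check")
	}
	return ck, string(hdr), nil
}

// FetchDoc needs both the unwrapped container key and this handset's attestation token.
func FetchDoc(ck, deviceToken []byte, c *Container) ([]byte, error) {
	doc, err := openBlob(docKey(ck, deviceToken), c.Doc, []byte("doc"))
	if err != nil {
		return nil, errors.New("document bound to another handset, or tampered")
	}
	return doc, nil
}
```

A real deployment would have the TrustZone side call the card's PIV applet for the unwrap instead of holding the key in process memory; the simulation only fixes the boundary the comment describes.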

In the past 20 years, I've spent quite a lot of time with native Russian speakers, and learned a little of the language myself.

I think that my "linguistic inner ear" is sensitive to the typical grammar and usage errors of English from native speakers of Russian.

Thanks to you, I now know that Finnish has no equivalent of "a" / "the" ... so in usage of articles, I would expect native speakers of Finnish to make errors similar to those of Russian speakers.

I looked at the en.wikipedia article on Finnish grammar. Fifteen noun cases? Yikes!

Though by reputation, America's Navajo language is extraordinarily challenging: Navajo is both tonal and extremely inflected. The amount of information encoded in a single Navajo verb is almost skull-cracking :/

Absolutely, and anyone with any sense realizes thus far every single ISP short of maybe Quest has been or is complicit with snooping at any given point of time since 2001.

More to the point? SSL MITM is the least of our worries, with ad-networks honeynets search-engine-poisoning and watering-hole-attacks nobody is safe.

All your data belong US, but hey! To a point it's a defensive measure and as stated en-response to @Clive the evidence of its existence is proof of its lack of perfection or the quality of the sieve.

Things MUST be escaping the dragnet because they're still (albeit multiple factions) a) trolling b) tralling (to make a distinction with the modern definition of trolling) and c) sending out NSLs.

It's a big problem, and the question boils down to who do you trust?

One needs to be able to trust himself and his devices foremost, sometimes you can't which means you have to be able to understand the requirements of operating in un-trustworthy environments with un-trustworthy devices.

Let's split (and raise) some hairs here, there's at least 2 interesting people involved in onz when I google it.

The first being Ron Unz, who as silly as it sounds advocates opt-in English courses as an American Conservative. That should roll over pretty well for the majority of 'conservatives' out there don't you think?

The second, and this one's a real winner: Steve Sailer. This is another one of our long-term nationalist alt-right leaders huh? It's good to know that when Trump references the 'california take-over' he conveniently neglects these two from his assessment. It's like Seattle leading the world around by the nose, no thank you.

At least Trump speaks out of his mind instead of pretending to be "nice".

It's very reassuring indeed to have a POTUS who is a serial liar, issues blatantly unconstitutional executive orders, openly and repeatedly calls the media "the enemy" and ostensibly tosses away court rulings during a campaign rally. Unless you're completely ignorant of history or already have a brown uniform ready in your closet, that should send shivers down everyone's spine.

Nagh it was the installation engineer on the warranty card on the Smeg fridge he just put in...

Most people would be surprised at just how much warranty information on high end goods gets turned into sales leads. Likewise spend more than 20USD on a single bottle of red wine and some sales droid will salivate to get the rest of your details, especially if you do it more than once a week.

I know people that have some quite expensive professional services, whereby they insulate their more discreet clients from such problems, even to the point they do not appear on "official" paperwork.

As far as I'm aware it's all legal and above board --though legislation changes--, and much of it you could do yourself if you know how to set up companies with head offices in off shore jurisdictions and know tricks about domicility and work rules[1]. The problem for US citizens is US exceptionalism about taxation and where you are domiciled but there are, I'm told by those with an in-depth knowledge of US legislation, ways around that as well.

I used to know a senior company director that had the use of a "caretaker flat" on the top floor of a quite expensive office block. Whilst quite small it directly adjoined the "walnut corridor" facilities of the private company which had an executive dining room, gym, etc etc...

The point is if you have good accountants and the like the function of a room is what you claim it to be and providing you are discreet and stick within certain rules that is ultimately what the Taxman accepts. And unless you are up to something really naughty, most Governments accept what their taxmen accept, as the primary business of Government is to raise taxes to pay for everything else...

[1] It often surprises people to know that "it's where you are paid" more than where you actually work or live that counts. That is as an employee of a company in country X you can be temporarily assigned to work in an office in country W or Z for quite long periods of time providing it meets some almost arbitrary definition of "temporary". Usually the higher you are in a company's ranking the more arbitrary temporary becomes. Thus as used to be the case you could "live in Monaco" but due to "travel days" be in the UK working up to three days a week, as long as you or your company could pay the travel costs.

Anyone who knows anything about security should stay far away from this new Vodafone [UK] service.

I looked at your link to a wailing wall for Vodafone customers, and I see that this story is already one year old.

Could this be an implementation of the surveillance demanded by the "Snooper's charter"? How far must an ISP snoop to comply with the letter of the law? And if this actually is the case, changing ISPs won't help.

With HTTPS, all that a third party can see is one or more opened TCP connections to some IP address which was obtained by some prior DNS request. HTTP/2 should reduce the number of simultaneous connections.

If changing the DNS server setting is enough to defeat the system, then, if I'm not spouting utter nonsense, their equipment is only capable of handling TLS 1.1. Support of multiple domains under a given server IP is apparently only possible beginning with TLS 1.2. Since earlier TLS versions don't expose the server name in the handshake, they have to resort to DNS monitoring or rely on a reverse DNS lookup.

This kind of issue isn't really new. I was a very unhappy customer of Arcor in Germany almost 20 years ago (which incidentally now belongs to Vodafone). Among the many egregious problems I had with these bozos, I figured out that there was some kind of hidden proxy spoiling my (unencrypted) HTTP connections. I found out by checking server logs, and saw that the accesses didn't come from my client address. Why they did this at all is still mysterious to me.

All your data belong US, but hey! To a point it's a defensive measure and as stated en-response to @Clive the evidence of its existence is proof of its lack of perfection or the quality of the sieve.

Actually it's a bit more than that.

There is as I've indicated in the past a question of resources and their utilization. Technology currently has the effect of making things tomorrow considerably cheaper than they are today. That is you devote today's resources to the problems that show the greatest return. If you commit a crime today however it will still be a crime tomorrow, the day after and several years hence. But it gets cheaper to prosecute with time... So the fact you think you get away with something today does not mean that you have, just that for resource reasons you have not been prosecuted today.

But as I've noted before, the primary purpose of Government is to raise income to pay for votes etc. The traditional method is by taxation but it's clear to anyone who can think that taxation is not keeping pace. Thus another way of raising revenue is by fines and confiscation of the proceeds of crime.

This is where you also have to consider the mode of operation of a gardener or farmer. They have limited resources thus they do not do things as efficiently as they might. For instance, the easiest way to deal with weeds is to not allow them to grow, but it takes quite a large effort in resources to track down each and every seed etc and pick it out, it's less resource intensive to let them grow a while, and take a hoe to them when they are most vulnerable. Likewise the crops, you choose which to pull early as they are not growing as fast as others etc, but generally you let crops grow to a point where you get a good yield but not the best yield due to uncertainties; it's a judgment call.

There are advantages in letting criminal activity go on, if nothing else it makes the diversion of resources to the LEAs politically easier. But also it can be like farming, you weed out those that are low resource to remove or are going to cause serious problems. The others you treat more like a crop, you let them grow to the point where the cost of harvesting them is more than covered by the fines or asset forfeiture, thus in effect make a useful profit by doing so...

Thus many crimes apparently go unpunished for financial reasons.

Thus to be a successful criminal you need to work out not just how to get away with today's crime today but still be able to get away with today's crime in ten, twenty, fifty or a hundred years from now. Not doing so will put you in line for being dealt with at some point. Thus it's better to never get put in the line rather than wait to get to the head of the line...

At the end of the day it's an individuals choice as to if they commit a crime or not. The only question that arises if they do, is have they avoided being put in the line now or in the future. The simple answer is if the crime is sufficiently recorded then as a criminal you have probably failed and it is just a question of the time/resource curve to sweep you up into line.

As I've pointed out in the past "collect it all" is about building a time machine to apply future technology to today's data to give useful answers in the future. That is with collect it all your activities get swept up, at some future point the resource cost drops on the getting answers questions. If you are long gone, it does not matter to you but, if you were a bit of a tearaway youth now making good in life, do you want the tap on the shoulder, the quiet word in the ear, the embarrassment or worse?

"issues blatantly unconstitutional executive orders", isn't that how Obama got us into massive surveillance? Yet I don't see people rallying against this. I don't see how Trump's order was more unconstitutional than that.

But wait, the army of NGO doesn't mind Obama monitoring their communications, but they get so angry when jihadists can't enter the country.

Ahh you mean "sweden just around the corner from Alaska", Donald appears to know his geography as well as Sahara Palin, and quite a few others[1] it's not just a faux republican thing. All jokes about the knowledge a lot of Americans do not appear to have about world geography can be said of many other nations.

However the recent attacks in Pakistan, of which Sehwan in Sindh province is just one and possibly what Donald Trump misheard/remembered, are a reminder of the legacy of the problems in the ME to do with fundamental religion out of Saudi and petro dollars.

I would expect native speakers of Finnish to make errors similar to those of Russian speakers.

Russian (like English, German, French, Spanish, etc.) is an Indo-European language, while Finnish is grouped along with Hungarian and Estonian into a different family. I do not know any Russian beyond making out some of the letters because of their vague resemblance to Greek letters, but I would guess that the languages are so different that to speak or understand one versus the other requires an almost completely different way of thinking. No, I would not at all expect native Finnish speakers to make the same errors as native Russian speakers when learning English.

@Faux News

liberal AIDS monies targeting Africa

Right. It is absolutely imperative that both boys and girls be circumcised by the Médecins Sans Frontières in order to prevent the spread of AIDS.

@keiner

Saudi Arabia is close friend to USA. Longstanding.

Right. What about those wealthy Saudi Arabian Sunni families who fund Da`esh?

...and the Saudis in the WTC. And the Saudis funding fundamentalist Islam all around the world? Really, have a look at Bitter Lake by Adam Curtis. The stories out there, starting AT LEAST from 911, don't make any sense. But Trump is the wrong answer. If the facts don't make sense, don't kick out the facts, but the STORYTELLERS...

My speculation about errors in English was limited to "usage of articles". Like Finnish, Russian has no words for 'a' or 'the'.

As a native speaker of English, I had no idea how hard they are to use until I once tried to explain 'the' to a native Russian speaker. I spent quite a while trying to come up with rules for when to say 'the' and when to leave it out, and no matter how hard I tried I kept finding exceptions to my proposed rules.

So I imagine that native Finnish speakers would have similar confusion when using languages with these articles like English (and all of the western European languages I can think of).

The third article in English, 'some', might be easier for Russian speakers, because they have roughly corresponding words.

I experienced a much smaller version of this perplexity in reverse as a student of Russian. In English, other words around the verb indicate whether it refers to a completed action or the process of the action (for example, "I walked" vs. "I was walking"). In Russian, this distinction is called aspect, and in general there are two separate words for each aspect. Usually (but not always) they are similar, but there are several patterns of variation, so that knowing one aspect does not in general allow you to reliably predict the other aspect. So, for each English verb, I need to learn two Russian words.

To add sauce to the recipe, the aspects have different conjugations too.

For even more fun, verbs of motion (variants of "to go") may have different forms depending whether the motion is one direction ("I'm walking home") or general/multidirectional ("I often drive for my sales job").

[Brendon] Eich sees the Web as facing a "primal threat" consisting of an impending conflict between advertisers, who are incentivized to collect and store detailed and, oftentimes, highly personal information about individual web users in order to deliver more effective advertisements, and users, who are increasingly averse to the collection of their personal information.

Incentivized? Right. That means he makes a lot of money buying and selling your personal and private information. Has to. After all, he paid a pretty penny for the premium domain name brave.com.

And he wants micropayments on top of that? I'll tell you what: Get your greedy grubby fingers out of my wallet, get your filthy pop-up malvertising scumware out of my computer, and go chase the high net worth somewhere else!

To add sauce to the recipe, the aspects have different conjugations too.

For even more fun, verbs of motion (variants of "to go") may have different forms depending whether the motion is one direction ("I'm walking home") or general/multidirectional ("I often drive for my sales job").

@MarkH

In traditional Finnish, (and my Finnish is both rusty and very, very old, from three of my grandparents who learned it from their parents after they immigrated to the U.S.,) "minä käyn" means "I walk" or "I go." The general/multidirectional form would be "minä kävelen." It's from some root of the same word, but if I understand right it's more like "I'm walking around" or "I'm going for a stroll" rather than for a particular purpose like "minä käyn koulussa" or "I'm going to school," whereas it would not be necessary to say "minä kävelen koulussa," which sounds a little bit odd, and probably would not express the same idea. So there is a general/multidirectional form for many Finnish verbs, but it probably does not correspond very much if at all in usage in most cases to the Russian.

@keiner. yes, AT LEAST from 911, and provably from the Oklahoma City bombing. What makes sense is the probative evidence: by 1995 CIA had brought home a strategy of tension long in use in Europe (as "Gladio,") involving armed US government attacks on the domestic civilian population to justify increased repressive capacity.

One important function of the 'security' industry, this weblog included, is to direct everyone's attention to officially-approved threats (Islamic terrorists, cyber, whatever that is) and away from real threats, like serious crimes of concern to the international community committed by the US government.

Our security experts will be afraid to address this until after the US starts and loses WWIII and the SCO rounds up Gates, Brennan, Meyers, Cheney, and Rumsfeld, and gives them the six-inch drop at Nuremberg II.

Bowling Green was and is the most absolute tragic terrorist plot to ever happen in the United States of America Mr. Dirk Praet. Why, don't you realize just how upset the Aides in the White House are that it never happened?

They're practically setting the table for it at this point don't ya know.

I would sooner believe that their subsidized operations with the BND are the style of FBI+GRU hand-in-hand operations that happen as opposed to actually using their own services to render such afflictions. They work with GCHQ, BND; after this election I would believe with absolute readiness that certain Republican factions contacted the FSB for Chechen services but not that the CIA would be directly involved.

Buy devices when you get there, load it up with an SD card or via the cloud.

(Frankly, if I had any really, truly secret or incriminating data that needed storage, it would be on paper in a secret safe or in my head.)

The more expansive view is police and governments are collecting this data for general law enforcement and/or political reasons, for nefarious purposes unknown to the general public.

So, for example, to get embarrassing data on a politician, his totally innocent secretary, barber, next door neighbor, anyone who has passing contact finds themselves on a secret targeted adversary list. Everywhere they go they are under electronic surveillance.

Because it can be labeled a security matter, it's thus secret surveillance. Meanwhile, if something incriminating is found NOT related to the primary target, it is still legal to use it as evidence.

We are quite a way downhill on the slippery slope of tyranny when it comes to electronics these days. In many respects the USA set the standard for the world...down!

In the end, it's not so much a technical issue, it's a political and human rights issue. They take data simply because they can and there is no one who can or will stop them.

“Launch your firefoxen (each) with "-no-remote" switch. Also use different "profiles" for each instance, and switch "-P profile_name" If necessary, please search "mozillazine" for lists of FF parameters/switches and exact syntax thereof...”

Thanks. Two different profiles are the solution. I’ll give it a try.
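The quoted advice (separate profiles, each launched with "-no-remote") as an added shell example; it is not code from the thread or from Mozilla. It only builds the launch command, so it can be inspected before anything runs, and the profile names "banking" and "browsing" are constructed placeholders. "-no-remote" stops the new instance from handing its URL to an already running Firefox, and "-P NAME" selects a distinct profile so cookies, history, cache and extensions are not shared between the instances.

```shell
#!/bin/sh
# Added example, not from the original post: launch isolated Firefox instances.
# "-no-remote" and "-P" are real Firefox switches; profile names are assumptions.

# firefox_cmd NAME [URL]: print the command line for one isolated instance.
firefox_cmd() {
    name=$1
    url=${2:-}
    if [ -z "$name" ]; then
        echo "usage: firefox_cmd PROFILE_NAME [URL]" >&2
        return 1
    fi
    # Each profile gets its own -no-remote instance; an optional URL is appended.
    printf 'firefox -no-remote -P %s%s\n' "$name" "${url:+ $url}"
}

# launch_isolated NAME [URL]: run the command if Firefox is installed,
# otherwise only report what would have been run (safe on a build box).
launch_isolated() {
    cmd=$(firefox_cmd "$1" "${2:-}") || return 1
    if command -v firefox >/dev/null 2>&1; then
        # Word-splitting the built command is intended here.
        $cmd &
    else
        echo "firefox not found; would run: $cmd"
    fi
}

# Constructed usage: one profile for banking, another for general browsing.
launch_isolated banking https://example.net
launch_isolated browsing
```

The profile must already exist (Firefox's profile manager creates it); running both profiles at the same time is exactly what "-no-remote" permits.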

@ albert

I see. The post was not worth the damage it could cause. That sounds reasonable.

Bad move downloading after passing through a border, better to pick up a new device randomly and grab your data then. You wouldn't want bedbugs or NIT's to follow you from the crossing to your hotel to your weekend dinner date would you?

Forgive me, but I'm railing against you for the same reason I railed against @Clive in this case and for the same reason somebody could rail against me... The situation is a live grenade, worse yet could be advocating people 'leave their devices at home'.

Where's the security in that?

It's a hard problem sure, and they're right for the most part that without secure software and secure hardware we're through... But it isn't the case when a device isn't unlocked by a fingerprint or an iris.

There's no real reason to panic unless you are bound to a single channel or a complete sentence; things can be communicated without legible communication, and data can be transmitted and ferried in ways that do not divulge secrets.

Fear and panic have smells that can be detected by dogs and microchip, in some cases video can sense your unease and your sweat.

They will go and mess up the middle east. Long planned. Islam is just the boogeyman.

Long-standing practice to introduce totalitarianism: de-humanize a large group of society (how about a religious minority? Don't forget the migrants; xenophobia is a constant, amazingly even in a nation of migrants).

When a large fraction of society has accepted the concept, e.g. by voting for total idiots in an important election, hate and violence will follow soon. And the next step is to misuse security (aka "antiterror") legislation to criminalize any kind of resistance against the regime.

The USA is on a good way under this playbook, as is the UK (even without a direct election, but due to the fact the regime changed after the Brexit vote).

Buy devices when you get there, load it up with an SD card or via the cloud.

Unfortunately you've not followed the logic through... It's something that Nick P and myself went further with several years ago now, but it's in this blog somewhere ;-)

Briefly, the SD card is just another electronic device, if you can use it then it can be found on --or in-- you when you cross the border. If you are "hiding it" or are presumed to be hiding it then you are in a world of hurt. Lying to a Federal Officer is the least of your worries as the presumption is then that you have reason to be hiding it, which is not where you want to be going.

But following on with the SD card, unless you encrypt the data, when it is found then the data is lost anyway and all you've done is earned yourself whatever punishment they decide to throw at you, not for your "crime" but as an object lesson to others, so expect the bidding to start at 30 years and go upwards from there...

With regards using the Internet in some way to get around the physical border, similar logic can apply with regards lying to federal officers / false declarations and all sorts of other nonsense. However the point is you would have the data encrypted somehow.

The problem with encrypted data in both regards is the key. You may not be aware but various countries have quite stiff penalties for not handing over encryption keys on demand. As the legislation is written your only real defence is showing you did not have the key in your possession in the past and do not have it currently, and that it is not possible for you to get the key now or in the future within the jurisdiction you are being held in.

It's this last point you need to think about carefully because get that right and the rest is fairly meaningless within the limits of the law...

As I said have a hunt back through this blog and you will find various methods discussed.

@keiner, very true - though one could cavil at "the next step," since longstanding police death squads murder blacks with impunity nationwide; and the US government violently repressed Occupy with counter-terror measures including planned sniper murders that FBI is shielding from public or legal scrutiny.

US fake democracy passed through the event horizon when Rumsfeld went to DEFCON 2 and COG replaced the constitution. It's still amazing how no one notices that Congress and the courts have been completely castrated - even compared to the feckless reforms of the Church and Pike Committee days. Senators beg CIA for scraps of answers in this humiliating mother-may-I game. They either work for CIA directly, like blackmailed traitor McCain and Hastert's pedos, or they're flinching and crawling like little butthurt prison bitches, e.g. Wyden.

The US population can't reverse this. They're more under control than North Koreans. It is a problem for the international community. The world knows exactly what they're dealing with: a criminal COG regime that breaks with the past like the Nazis did, and legally does what the Nazis did, crimes against humanity and peace. It will turn out the same way too.

And the security industry ignores it all with a herculean effort of will and feigned obtuseness. Makes you wonder if there were lots of mealymouthed security experts advising the SS on the fine points of slow strangulation with piano wire or concentration camp ethics.

Those old enough to remember motor racing when it was dangerous, cars crashed and drivers and spectators got injured/killed, modern F1 etc appears tame in comparison.

Even though crashes still happen, they are nowhere near as frequently, spectators are usually quite safe and drivers usually walk away from crashes these days.

Well one area that is new is "driverless" racing. The cars are not remote controlled but AI controlled. The first competitive race between two AI race cars has ended up with one crashing, and the other successfully avoiding a dog that got onto the track.

Of course this leaves the real question of whether there are going to be more crashes, thus drama, or less, thus making it almost clinically dull. Time will tell but the first few races at least should be entertaining.

There is now an evil voice whispering in my ear that this could be turned into a competitive sport...

The real point however is it shows how industrialising a process is oft to go badly wrong. It's kind of what you'd expect to happen with big business paying for results but not checking that what they are paying for is actually real.

Hands up those who could see ways to make this sort of idiocy happen with "collect it all"...

I just don't think it's a good idea to carry encrypted things with you across a border, there's too many unknowns and then you'll just have to answer questions that can be further mined strategically. It's just not worth it.

Now, unencrypted but SIGNED may be a different scenario.

And as for leaving your devices at home while your airborne itinerary is plotted by whoever guards the borders... they're connected back to your locals so my advice there is again: don't leave your stuff in a fixed location unattended for whomever may not come knocking.

Also, I think I've seen questions about 'updating' containers on solid state devices that enforce wear-leveling so opening your digital brief case once you arrive at your destination and then passing through the next checkpoint may be a nono too.

That's just my angle on things, I find myself concerned with security because I've seen first hand how easy it is for technology to escape one's intended boundaries. It's not worth the risk or the effects of other people having, it's not.

There's certain things that should be shared, and other things that that specific question is up for grabs - it's just better to report/publish a CVE/disclosure than it is for the general public to have one's niche tools. At this point in time it's borderline manufacturing and or distribution of weapons and that's not even considering the fingerprinting opportunities that present themselves when one's stuff gets out. If you want to have the freedom to code sometimes your code should stay in the lab where you developed it, never seeing the light of day outside unless there's some sort of public need.

Tradecraft, we all stand on giants especially within the open source world but there's just too many kids out there who'll repurpose even a light PoC into something malicious.

Sometimes it's not even a kid, look at Cellebrite FinFisher and GammaGroup.

No guarantee, I haven't checked recently if it was still working. Me perso, most of the time I trust google chrome's embedded PDF viewer (needs local scripting, that I allow only case by case using the "ScriptSafe" extension, homologous of the better known "Noscript" for FF). YMMV

My hopes for you, Mr. GRU subordinate; are that you find direction and happiness that is not at the direction of another.

You and I both know full well, that if you are but one of their many recently co-opted the happiness you must be feeling now pales in comparison to the happiness you thought you had before. It's amazing how quickly things can change no? Sloppy sloppy Mr. GRU subordinate, it's a shame.

JG4 is amazed by 10-20k a month, but we know otherwise don't we?

What you're doing now is not freedom, it's not enjoyable. I don't think you even know the true value of an honest day's work, do you? Always jet set and martinis.

They tried to do that to me, too. They put poisoned shellfish (shrimp and scallops) into a dish I had ordered at a restaurant that was not even supposed to contain shellfish. I was rather stranded at the location, and I slept outside in freezing weather, and I puked and puked all night long, but I stayed away from the hospital and survived.

Christopher Thyer, the U.S. attorney overseeing the case, said the employees were abusing their position to steal from taxpayers and “poison the communities we live in with dangerous drugs.”

The drug thefts from VA also raise the possibility that patients will be denied medication they need or that they will be treated by drug-impaired staff.

In one case, a former VA employee in Baltimore pleaded guilty on charges that he injected himself with fentanyl intended for patients heading into surgery, then refilled the syringes with saline solution. Patients received solution tainted with the Hepatitis C virus carried by the employee.

"Time will tell but the first few races at least should be entertaining."

No doubt! If you remember the days of 'active suspension', the failures were rather spectacular visually.

Steve Matchett, one-time mechanic for Benetton F1, has said for years that the F1 engineers would love to get rid of the drivers -- the people in the cockpits add aerodynamic drag, raise the center of gravity, need extra hardware for the person/machine interface, and make errors that degrade lap times from their technical optimum.

In addition, once you get the drivers out, you can dispense with all sorts of costly apparatus and testing provided for driver safety.

There's a certain segment of the F1 crowd that would probably be excited to watch driverless auto races. However, I suspect that the rest of the world's motorsport audience would find many other things more appealing.

@Anonymous=e, Churkin's the third one after Karlov and Krivov. If your bureaucrats are laughingstocks at diplomacy and rule of law, you just kill all the competent diplomats until you're the best. Then you can be leader of the world for sure! That's the American Way!

@r, I know why you can't stop humping my leg, you are friendless and desperate for attention. Drunk posting makes you all emo and makes it worse. Studies show American lumpenproles' lifespans are getting shorter as they poison themselves with alcohol and drugs in despair of the corporate snake pit they are trapped in. It's not your fault, it's your subaltern class habitus.

https://www.wired.com/2016/12/dear-mr-trump-cyber-better-try-blockchain/ A DDoS-proof DNS? There's no way the NSA would allow this, right? It would make cyber terrorism harder, it would protect critical infrastructure, and by everyone having a local copy of all DNS records it would uphold the constitution of the US (no more DNS leaks violating the 4th amendment). Any one of those on their own would be enough for the NSA to sabotage it like they did the NIST dual elliptic curve standard, right? Isn't their job to give cyber weapons to terrorist organizations like Shadow Brokers and hide it until China and Russia have used it to do as much damage as possible to critical US infrastructure? Isn't that what they're paid $60,000,000,000 a year for?

Steve Matchett, one-time mechanic for Benetton F1, has said for years that the F1 engineers would love to get rid of the drivers -- the people in the cockpits add aerodynamic drag, raise the center of gravity, need extra hardware for the person/machine interface, and make errors that degrade lap times from their technical optimum.

Yup and fighter aircraft designers say very much the same... Which is why we have drones, and coming soon to a place near you "AI+ Drones"...

I met Steve Matchett briefly in the 1990's when I was tangentially involved with FOCA (in Brabham HQ in Chessington, Surrey) as part of the design of the radio control system for the "cockpit eye view" camera mounted in that little wing you see sticking out of the fairing behind the driver's head. His view on the wing was not as complimentary as it might have been --seeing as it was a sport revenue raiser-- but he did joke it was better than using a periscope from between the driver's legs...

The blockchain is an online ledger controlled not by any one company or government agency, but by a global network of computers. With bitcoin, this ledger tracks the exchange of money, but it can also track anything else that holds value, including stocks, bonds, and other financial securities. The idea is that this technology can more accurately and inexpensively oversee financial trades while eliminating many of the middlemen and loopholes that characterize today’s markets.

Since blockchains stand to improve national security by no longer having a single point of failure, a point vulnerable to cyber-terrorists, the NSA will not allow blockchains to be adopted. It would become too hard for terrorists to take down critical infrastructure, and the NSA pledged their souls to helping enable cyber-terrorists by weakening all American cyber-security as much as possible (Google "project BULLRUN" if you want proof of this last part).

I think that I quipped "the years teach what the days never knew." Without elapsed time for selective forces to distinguish the well-designed and well-implemented from the poorly-designed and/or the poorly-implemented, it's difficult to assess the merits of your systems. Of course, you still have to have a metric for performance and some test points.

Projecting the test point data onto good visualizations can make it much easier to see what is important. Or as Yogi said, "You can see a lot just by looking." If we had the elusive hypervisor, for some time to come, there will be humans in the loop and it would be helpful for them to be able to see distilled essence of failure.

Question: The GRU must have been aware they had been spotted in 2014. Why didn't they use/develop a different tool set?
Possibilities:
1. They already have other hacks, but considered the DNC a second tier target (after all GRU is military intelligence).
2. Lack of resources

Also Note: It later came out that the FBI had never examined the servers. They relied on a "reputable cyber-security firm" (If I were a Dem lawyer I would have raised holy hell before letting the feds in, just on precedent).

Did the Russians hold back a few morsels for future use in a Hillary administration? I would.

@r
got confused reading this thread
it looks like all the posts you replied to got deleted by the time i read yours
cant find any post by anyone named "hazel"
farther up i see several posts in a row by you, replying to someone, but his posts seem gone?
seeing half of the conversation it looked interesting
why was the other half deleted?

What exactly happened with the Ukraine artillery? https://motherboard.vice.com/en_us/article/fancy-bear-hack-of-ukrainian-artillery-fighters-shows-future-of-war just says there was a trojan involved
Did GRU get the signing keys for the app, socially engineer or hack the account of whoever owned the thread with the app to download, add a trojan to that app, resign it and text or email everyone, from that account, telling them something like "come get better updated version"?
Popular media is so sparse on details it gives no idea whatsoever of what happened except "some kind of mischief related to technology LOL"...

Question: The GRU must have been aware they had been spotted in 2014. Why didn't they use/develop a different tool set?

That "why didn't they" question was the main reason I argued against the original report as little more than nonsense. Further it was too coincidental with the "Reds Under The Beds" drum beat that had moved from "China APT" to "Russia Inside".

I thus concluded that no "real" investigation had been carried out. Further it smelt strongly of "being led by the nose" in that they were shown what they wanted to see, thus did not look any further than their pre-assumptions.

Which led me to ask where the "contradictory evidence" was, which led to the realisation there was no actual evidence being presented.

Thus I can not say it was not the Russians but likewise the same goes for any capable IC or security organisation, any one of whom could pick up the APT28 etc information and reproduce the attacks, thus creating a faux impression to cover their own activities.

The whole investigation as publicly reported was an "I see no ships" event where you "don't look for what you don't want to see", thus you don't see it and can carry on sailing in the direction you want to go rather than the one a correct examination of the facts would suggest would be more prudent.

I guess we are unlikely to find out the real motives behind the investigation and I'll let others make their own deductions about the timing by the investigating agency. It will suffice it to say that, that particular "fog of war" could have been caused by any number of smoldering fires all over the place, and thus many motives for "stoking them up" existed...

One thing history shows over and over again is you can win battles but lose wars, thus sometimes the right people win, others the wrong, and we can only judge which by the facts we have and our points of view. Thus with no facts, any point of view can be held to be true axiomatically, which is why we have the CIA invented "Conspiracy Theories".

You only got one out of three right. You probably guessed, rightly, that I'm not a liberal. I'm sorry, but Obamacare was an abject failure. All too much of that money for healthcare without accountability went into psychiatric and other medical quackery, barratry at civil and criminal law, and false imprisonment. I'm sorry, but as long as "medical marijuana" is even on the table as a legitimate treatment for any condition whatsoever, I reserve the absolute right to refuse medical treatment.

I'm afraid the doctors need to go to prison, our medical institutions need to be rebuilt from the ground up, and any and all who are interested in medicine need to be re-educated. Let there be no doubt. This will happen. Psychiatry as it is practiced today in the United States of America is not only a hate crime, but a Holocaust-worthy war crime, and those who practice it, cooperate with it, accept it, tolerate it, or condone it must bear their guilt eternally. I'm sorry, but there is no excuse for anyone to slander and libel another human being of mental illness at law, or to use this as grounds for false imprisonment and forced administration of psychotropic drugs. The 21st-century Nuremberg trials are coming. John has recorded it in the Book of Revelation, chapter 7, verses 8–13; and chapter 21, verse 23:

And one of the elders answered, saying unto me, What are these which are arrayed in white robes? and whence came they? And I said unto him, Sir, thou knowest. And he said to me, These are they which came out of great tribulation, and have washed their robes, and made them white in the blood of the Lamb. Therefore are they before the throne of God, and serve him day and night in his temple: and he that sitteth on the throne shall dwell among them. They shall hunger no more, neither thirst any more; neither shall the sun light on them, nor any heat. For the Lamb which is in the midst of the throne shall feed them, and shall lead them unto living fountains of waters: and God shall wipe away all tears from their eyes.

And the city had no need of the sun, neither of the moon, to shine in it: for the glory of God did lighten it, and the Lamb is the light thereof.

Trump's gutting of the FCC and particularly of net neutrality may greatly benefit the poor and oppressed who have limited data.
Please support this https://trac.torproject.org/projects/tor/ticket/21518
By running Tor over zero-rated protocols such as WhatsApp, you will be helping those who need Tor most, by letting them (relatively) safely read news critical of their oppressive governments.
These people can't afford data plans but with the death of net neutrality certain protocols can be used unlimited, for free, and Tor needs developers to help write pluggable transports that benefit from these zero-rated protocols.

Hate to feed what is probably a troll (doing their job?) however.
Pertaining to medical treatment, although preferred in some cases to refuse: what does your Authority have to say about evil global pharma/dictators/GRUs forcing you to take the accursed thing? Eventually the peasants may be forced like chattel that go to various military servitude like places to take 'vaccines'. Even if history is about to not repeat itself, even with psychiatry being a huge barrel of sly remarks, do those quotes have anything to do with security or even what you were talking about to begin with?

While the mod has removed the original make no mistake that I am not the only one who witnessed a response from a supposed GRU superior making an edit of one of the troll's comments here ad-hoc (pre?-submission)(I pissed them off enough to intercede with specific comments about Ms. Chapman). It (The GRU post) has since been deleted but I preserved the originals and attempted to repost them here in succession within that thread. Ofc, I am assuming it's the same person but some of the lingual usage is the same and the slant is always the same.

It's a love/hate kind of thing, again I'm sorry for the lack of follow-ability here and I know full well that I'm taking away from the larger conversations we should be having.

I'm sorry but it really does not speak well of you using/providing an unsafe link. I couldn't even force https on the site. You should know better.

Once everything uses HTTPS, the "Quantum Insert" class of attacks will require stolen TLS certificates, which will stop most script kiddies (but not TLAs or state funded adversaries). Decentralizing the CAs would put a stop to that whole category of attacks, and other categories (including passive ones like FireSheep, and downgrade attacks (a clean break would require no backwards compatibility with insecure protocols such as SSL)).

Actually, yes. It's a crypto library and OpenSSL alternative that's becoming more and more popular. Used in dnscrypt-proxy, for example, which I use to encrypt and protect DNS traffic against MITM attacks. Call it a sort of https equivalent for DNS, if you like. There's a growing number of servers out there, a lot of which don't do logging (or at least claim not to do so) and support DNSSEC.

The report is not a fake, it's been covered in several French newspapers and on TV. They said it's a limited experiment though, as the birds even as they are "armoured" are vulnerable and are limited to fighting/disabling the lighter kind of drones.

Is it true that most warez release groups are fronts for the NSA since that is their preferred method of implanting network exploitation tools onto large numbers of Windows machines without burning through expensive zero-day exploits that can't be used for very long?

I wonder whether the NSA's most "preferred method of implanting network exploitation tools onto large numbers of Windows machines" hasn't been, rather, by way of Windows Updates: the most efficient and direct path from the NSA to Microsoft's victims, uh, Windows users...

Just because that's not a primary action, doesn't mean that infiltrating such groups doesn't increase the performance of their vacuum.

I wouldn't believe for a second that they're behind the warez, but being behind the groups behind the warez? E.g. embedded and embedding? Definitely not something that should be discredited, considering the dual-hat uses behind most any technology. Keep your eyes, ears and mind open. ;-)

Ignore the sensationalist headline; it's rather more subtle than that, because "incompleteness" has led to certain assumptions being taken as read when in fact they may well not be.

For instance, think about what we consider as deterministic and nondeterministic sequences, and how we can make a deterministic sequence which, by observation of the sequence alone, even though deterministic, can neither be shown to be deterministic nor, more importantly from the practical point of view of security, be predictable.

Imagine what would happen if it could be shown that there was no such thing as the random oracle or common random string models?

It would have quite an effect on the Cryptographic "Standard Model" and the security proofs that arise from it...

For those still taking an interest in Kim Dotcom's legal adventures in New Zealand (the LEOs of which have had the US DoJ working them like puppets): even though a judge there has ruled he might be extradited on some charges, the primary charge on which the others rest was dismissed...

Thus if he did not commit copyright infringement, then charges based on the proceeds of that accusation, such as money laundering, fail.

This is going to get interesting, because it's likely the only route open to the US DoJ would be to find and file other charges that are not related to the original charge. And for various reasons that may prove difficult to impossible.

Today’s cryptography news is that researchers have discovered a collision in the SHA-1 cryptographic hash function. Though long-expected, this is a notable milestone in the evolution of crypto standards.

O'Keefe is a hack; his "stings" suffer from obvious heavy editing to obscure the facts, which come out eventually and then the stories die as they turned out to be either way overblown or just plain BS. They rile up the conservative base, but that's about it.

The USA, being the Big Bro of the world, and given that NZ is a Commonwealth of the Queen and an ally, could just as well have walked right in and used those CIA assets to pick him off. Since they could "coordinate" a "lawful raid" on Kim's compounds and get him arrested, why not just finish him off by simply throwing him aboard the CIA's prison jetliner and sending him to Guantanamo, instead of protracted legal proceedings for extradition that waste the taxpayers' money?

Since Big Bro wants to "flex his muscles" and has already done so by the illegal raid on Kim's house, he might as well follow through and haul him on the prison plane to Guantanamo and let him live with those "hardcore terrorists" in the Guantanamo camp.

The US, being the economic powerhouse, could levy economic sanctions or other sanctions on nations unwilling to cooperate with its will, or maybe another "Operation Iraqi Freedom" attempt to "liberate countries not following the democracy of the USA".

The first thing we need to address is what kind of travelers and borders we're dealing with. Here are some threat profiles:

1. They'll try to download contents off your device if you refuse.

2. They'll seize your device if you don't decrypt it.

3. They'll jail you if you don't decrypt it.

4. They'll jail you for using encryption period.

The solution can stop 1, but so can about all of them. The tamper-resistant key storage is an extra benefit. The solution can't help with 3-4, while causing an availability loss in 2. The typical solution for 2-4 is to have a clean device, or a VM on it, that shows nothing serious. Deniability. The real data is downloaded off the Internet once in the country, used until about to leave, put back on the net, the device cleaned, and then back through the border. The device might be modified with your scheme if it's made deniable. It would have to pose as an ordinary storage card, or just an authentication device (e.g. two-factor authentication) but not encryption. In this case, it still looks like nothing is there, but they or others don't get the data if it's physically compromised in any worst-case scenario.

Well, looks like Trump will start shutting down and arresting small business owners, destroying a multi-billion dollar industry. On a completely unrelated note, the Justice Department is ending plans to phase out private prisons at the federal level.

I think Kim, like the Chinese hackers that were outed, is low-hanging fruit at this point; other than the CIA or whoever shaming names, I don't think they have anything to do with what's going on at this point (I don't think the MIC cares really, this is blood not war).

This is just for Congress and its pre-paid yokes.

RE: Dress Code,

I like intamperable, but not for encrypted data. I can't (or won't) chew gum and visit Singapore at the same time. It's just not something I like to entertain.

My personal opinion on TZ is still the same: I personally don't trust it very much. But if you are in the business of security products, every penny counts, and as @Clive Robinson and many of us, including myself, have already noted very explicitly, the business of security (yes, business, and not personal use cases) is all about making money.

Also, noting that most corporates and governments are too lazy to do their due diligence and prefer COTS with lower assurance like TZ, my version of using TZ as a Secure Container with a corporate-VPN-backed thin-client browser to browse a server-side remote virtual desktop in a corporate data center, including a MicroSD card with a smart card chip built into it that handles the PIV authentication (eID card), would raise the bar a little higher than most TZ solutions.

Most TZ solutions usually download the whole document into the TZ Secure Container region and do the office work and corporate communications in the container. If the user is forced to decrypt the corporate container, the document would still be lingering around. My method using a TZ-based thin-client virtual desktop would simply clear the session once the container is closed (disconnected), and forced decryption of the container would yield nothing inside.

For personal related security, not going to touch it with a 10 foot pole if you ask me.

The reason, as I stated in the past, is that the TEE-OS for the TZ region and the TZ region itself are a pure black box, and the development APIs and such are vendor-oriented despite a generic API laid out by GlobalPlatform for TEE matters. Also, one needs the proper paid licenses from TrustSonic et al., which control most of the commercial TEE licenses, just to be able to create your own application for loading into the TZ partition. Too much overhead and very little trust and visibility, which I heavily do not recommend if you are using it for personal security.

If it is for corporate security or government security, where one is capable of forking out all the cash and resources needed to make your own ARM chipset and write your own TEE-OS and APIs, then why not use that method.

One example is Boeing's Boeing Black phone, which is used for US government services, where one is able to build a secure smartphone from the ground up, where every piece is carefully selected and built from scratch rather than the usual COTS stuff you find lying around (i.e. Samsung or Blackberry).

Maybe Thales should really take a look at what's wrong with their HSM interfaces, and at why key migration between MS CAPI containers with Thales HSM-backed keys, renewing of certificates with HSM-backed keys, the usage of non-standard PKCS #11 interfaces and other such usability problems should be fixed first, before asking or talking about "Why Johnny STILL CAN'T Encrypt", when they can't even do a clean and good job providing critical HSM infrastructure usability from their Thales nCipher product line.

Since Big Bro wants to "flex his muscles" and have already done so by the illegal raid on Kim's house, might as well follow through and haul him on the prison plane

The original US power idiom was "Speak quietly and carry a big stick", not "Banshee scream and smash the place down".

The first way is that of a wiser man, who uses his opponent's fear against them; the second is the way of the berserker, mad and uncontrollable and only fit to be put down with maximum prejudice as an object lesson to others. Unfortunately the US did an anti-widdershins turn around Gulf War I time and tried to make berserker behaviour rational as "Shock and Awe". Suffice it to say that during WWII the Axis powers used that tactic to gain large amounts of territory, only later to get put down very hard by the rest of the world...

Further, the US economy relative to its currency value is one of the most misaligned of all western nations. The US only gets away with it because of the effective seigniorage it gets from being the world trading currency. If they got "cute for corporate interests" rather than --alleged-- terrorism without an appropriate treaty backstop --which is what TTP was about-- then countries might decide to use another currency. One of the reasons Iraq got the chop via Gulf War II was given by Paul Wolfowitz as,

we had virtually no economic options with Iraq because the country floats on a sea of oil.

Most people don't get the full implication of this; however, UK PM Tony Blair let the cat out of the bag. What had happened was that US sanctions were killing people in Iraq quite literally. Saddam had sent feelers out to EU "euro" countries that if they helped lift/break the sanctions then he would only sell oil in euros. The result of this would have sent the US, and thus the UK, economies down to third-world-type conditions. Thus the only option to protect the US and UK was to take control of Iraq's oil and how it was sold. The fact this also gave a big lever over OPEC was also of significant benefit.

Thus the US is very fragile with regard to its currency status, which is another reason it's borrowed heavily from the likes of China and encouraged Chinese investment. The value of the USD becomes entwined with China's economy, thus attacking the US or the USD would be counterproductive for the Chinese...

I suspect @Anura will have a few things to say on this, but hopefully I've got the point of the "Wise man confidence trick with carrying but not using the big stick" over.

The typical solution for 2-4 is to have a clean device, or a VM on it, that shows nothing serious. Deniability. The real data is downloaded off the Internet once in the country, used until about to leave, put back on the net, the device cleaned, and then back through the border.

There are two problems. Firstly, US CBP and the Israeli equivalent, amongst many others, are known to "assume" a clean phone is "justifiable suspicion", as is not having "social media" etc.

Secondly, getting a "clean device" is only easy one way, which is to "buy a new" phone / computer etc.

Which also brings up the "out of sight" or "evil maid" attacks. That is, the CBP, having the backing of the US SigInt agency, could easily drop a hidden spyware trojan into the firmware as you cross the border on entry.

Thus buying a phone/computer once across the border might be a better option in some countries. So go across with the cheapest phone/computer you can, and if it goes out of sight or gets connected to by CBP etc., "dump it" in the bin or at a pawn broker's landside and walk away from it fast.

The other issue to remember about the US is the fact they have increased the border zone to cover nearly the whole of the populated US...

Which brings us back to "Old School OpSec" and the multiple jurisdiction shared key system you and I have discussed in the past.

With the update to the "What you know" factor with "A location you know" at "A time you know" for getting the "key shares" to build the file decryption key for your Internet download.

There is still "wriggle room" in the noose of anti-security legislation but that rope loop is getting drawn tighter and tighter as we pause to take breath...

From a business perspective, companies etc. will need to look at sending not individuals but time- and location-spaced multiple representatives, to play the numbers against the CBP etc. That is, if you send two people on different days the CBP only have a 1 in 4 chance of randomly getting both; with three that's nearly 89% chance you will get one representative through "free and clear" of "evil maid" problems.

This may only need to be done the once, if you can use the old school OpSec idea of an "in country" secure drop location where equipment can be safely stored between visits.
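The "multiple jurisdiction shared key system" and the "key shares" that rebuild the file decryption key are not spelled out in the thread. The block below is an added example, not code from any commenter here, and it assumes the scheme meant is Shamir secret sharing: the key is split into n shares held in n places, any t of them rebuild it, and fewer than t reveal nothing about it. The jurisdiction labels and the 2-of-3 split are made-up illustration values.

```python
"""Threshold key shares for a cross-border "shared key" scheme.

Added example (not from the thread). Assumes Shamir secret sharing over the
Mersenne prime field GF(2**521 - 1), large enough that a 256-bit file key
is a single field element.
"""
from __future__ import annotations

import secrets

P = 2**521 - 1  # Mersenne prime, so every nonzero element is invertible


def split_key(key: bytes, threshold: int, holders: list[str]) -> dict[str, tuple[int, int]]:
    """Return {holder: (x, y)} shares of `key`; any `threshold` of them rebuild it."""
    if not 2 <= threshold <= len(holders):
        raise ValueError("need 2 <= threshold <= number of holders")
    secret = int.from_bytes(key, "big")
    if secret >= P:
        raise ValueError("key too large for the field")
    # Random polynomial f(x) = secret + a1*x + ... + a_{t-1}*x^{t-1} (mod P);
    # the secret is f(0), so shares are never evaluated at x = 0.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    shares = {}
    for x, holder in enumerate(holders, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x)
            y = (y * x + c) % P
        shares[holder] = (x, y)
    return shares


def recover_key(shares: list[tuple[int, int]], key_len: int = 32) -> bytes:
    """Lagrange-interpolate f(0) from the supplied (x, y) points.

    With fewer than `threshold` points the result is a uniformly random field
    element, not the key; it is returned at its natural length so a caller can
    see that it does not match.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    length = max(key_len, (secret.bit_length() + 7) // 8)
    return secret.to_bytes(length, "big")


def demo() -> dict:
    """Split a fresh file key 2-of-3 across three (hypothetical) holders."""
    file_key = secrets.token_bytes(32)
    holders = ["home-office", "in-country-drop", "third-country-lawyer"]  # made up
    shares = split_key(file_key, threshold=2, holders=holders)
    two = [shares["in-country-drop"], shares["third-country-lawyer"]]
    one = [shares["home-office"]]
    return {
        "key": file_key,
        "from_two": recover_key(two),  # equals file_key
        "from_one": recover_key(one),  # does not: one share alone is useless
    }


if __name__ == "__main__":
    r = demo()
    print("two shares rebuild the key:", r["from_two"] == r["key"])
    print("one share rebuilds the key:", r["from_one"] == r["key"])
```

The shares a traveller carries (or memorises, or collects "at a location you know at a time you know") are the (x, y) pairs; the file downloaded in country is useless without t of them, and seizing one share at a border yields nothing.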

A serial port is a hen's best friend if they're flying the coop. I almost responded to you with the assertion that a laptop with one would be a good idea to travel with, but it hit me that they pretty much all have very large solder joints and physical gaps in their housings.

So, traveling with one is likely not a good idea. But traveling TO one may be a better solution if you absolutely _must_ containerize.

Keybase.io announces a Keybase backed E2EE chat that HAS NO FORWARD SECRECY.

Keybase is a repository of public keys (imagine a PKI/CA, except not in a traditional sense) that uses blockchain and other open source technologies it develops to create a PKI v2.0.

Now it links its PKI (regardless of whether it's blockchain-backed or vanilla PKI/CA) automatically with its Chat API and chat software that has no forward secrecy, to ease the user experience when moving between devices.

On top of that, I have been trying to find a way to execute the attestation of my public key (my account) without using its supplied software and without using CURL/BASH, but it gets irritating trying to attest formally, since the only way is to use their software or CURL/BASH, and I don't like to install any other software (i.e. CURL) without the time on hand to read its source code.

Is Keybase Chat going to be another Apple iMessage that fails, or would it be as good as other truly E2EE chats?
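What "no forward secrecy" costs is easiest to see on a recorded transcript. The block below is an added example, not Keybase's code and not a description of Keybase's actual protocol; it contrasts two generic designs. Design 1 keys every message from the two long-term X25519 keys; design 2 uses one-shot key pairs on both sides (the recipient's published ahead, the sender's fresh per message) and discards the private halves. An attacker who records the traffic and later steals both long-term private keys reads the first and not the second. X25519 is written out from the RFC 7748 ladder so the file runs offline; the SHAKE-256 keystream plus HMAC tag is a stand-in for a real AEAD, and neither is constant-time.

```python
"""Forward secrecy: same message, two key agreements, one later key theft.

Added example, not from the thread or from Keybase. X25519 per RFC 7748;
the symmetric "cipher" is a demo-only SHAKE-256 keystream with an HMAC tag.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # clamp
    kint = int.from_bytes(k, "little")
    ub = bytearray(u); ub[31] &= 127                  # ignore top bit of u
    x1 = int.from_bytes(ub, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                      # Montgomery ladder
        kt = (kint >> t) & 1
        swap ^= kt
        if swap:                                      # demo only: not constant-time
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    priv = secrets.token_bytes(32)
    return priv, x25519(priv, BASEPOINT)


def seal(shared: bytes, msg: bytes) -> bytes:
    """Encrypt-then-MAC under per-message keys derived from a DH secret."""
    nonce = secrets.token_bytes(16)
    enc_key = hashlib.sha256(b"enc" + nonce + shared).digest()
    mac_key = hashlib.sha256(b"mac" + nonce + shared).digest()
    ct = bytes(m ^ k for m, k in zip(msg, hashlib.shake_256(enc_key).digest(len(msg))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()


def open_(shared: bytes, blob: bytes):
    """Plaintext if `shared` is the right secret (tag verifies), else None."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = hashlib.sha256(b"mac" + nonce + shared).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        return None
    enc_key = hashlib.sha256(b"enc" + nonce + shared).digest()
    return bytes(c ^ k for c, k in zip(ct, hashlib.shake_256(enc_key).digest(len(ct))))


def send_static_only(a_priv, b_pub, msg):
    """Design 1: every message keyed from the two long-term keys."""
    return seal(x25519(a_priv, b_pub), msg)


def send_ephemeral(msg):
    """Design 2: one-shot key pairs on both sides, private halves discarded."""
    b_eph_priv, b_eph_pub = keypair()                 # Bob's one-time prekey
    a_eph_priv, a_eph_pub = keypair()                 # Alice's fresh key for this message
    blob = seal(x25519(a_eph_priv, b_eph_pub), msg)
    assert open_(x25519(b_eph_priv, a_eph_pub), blob) == msg  # Bob can read it now
    del a_eph_priv, b_eph_priv                        # this deletion is forward secrecy
    return a_eph_pub, b_eph_pub, blob                 # all an eavesdropper ever sees


def later_compromise(a_priv, b_priv, static_blob, eph_record):
    """Attacker with the transcript obtains both long-term private keys."""
    a_eph_pub, b_eph_pub, eph_blob = eph_record
    a_pub, b_pub = x25519(a_priv, BASEPOINT), x25519(b_priv, BASEPOINT)
    from_static = open_(x25519(b_priv, a_pub), static_blob)
    # Every DH secret the attacker can still form from what was recorded:
    candidates = [x25519(a_priv, b_eph_pub), x25519(b_priv, a_eph_pub), x25519(a_priv, b_pub)]
    return from_static, [open_(s, eph_blob) for s in candidates]


def demo():
    a_priv, _ = keypair()
    b_priv, b_pub = keypair()
    msg = b"constructed sample message"
    return later_compromise(a_priv, b_priv, send_static_only(a_priv, b_pub, msg), send_ephemeral(msg))


if __name__ == "__main__":
    recovered_static, recovered_eph = demo()
    print("design 1 recovered:", recovered_static)      # the plaintext
    print("design 2 recovered:", recovered_eph)         # [None, None, None]
```

The convenience the thread describes (the same key working on every device) is exactly what design 1 buys, and what design 2 gives up: a device that joins later cannot read old messages unless they are re-encrypted to it, because the keys that protected them no longer exist anywhere.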

I pointed out that the best thing to do would be to use USB to TOSLINK devices, or even shield boards for the Raspberry Pi etc., and "patch up the diode" as required. The thing about AES3 AES/EBU S/PDIF EAJ Optical TOSLINK is that it's quite ubiquitous in the "audio world", where it's heavily used in studio equipment etc. to give good "galvanic isolation".

Importantly it would give your serial optical data diode not just cheap easily available parts, but an existing major market to sell into. Thus giving the product a high level of deniability.

You will find TOSLINK connectors on the back of semi-pro audio equipment like Sony Mini-Disk audio recorders that are not much thicker than a mobile phone. I've got what looks like a "studio mic" four-channel 24-bit audio recorder that has TOSLINK connectors; it was less than 100 USD and is used by quite a few "home artists". I've got it set up to use TOSLINK to a "desktop" computer with a number of other TOSLINK galvanically isolated audio units, and then that acts as a head end to a standard Ethernet network. This is part of a "Studio in a box" system I designed for use by the cost-sensitive end of the broadcast industry. It's used in all sorts of places worldwide with low-cost 250W-2.5KW FM broadcast systems, several of which have been deployed to use "solar power"...

The main point being that TOSLINK is very deniable: you can build a unit with an FTD-232 and a microcontroller on a matchbox-sized PCB which is then solidly encapsulated in epoxy into a mini-brick with just a USB connector hole at one end and one or more TOSLINK connectors at the other, with a few LEDs showing at the top and an aluminised sticky-back label with product info and socket ID etc.

AES/EBU is current loop RS423 which is a doddle to convert to RS232 voltage lines. And S/PDIF is the plastic fiber optical TOSLINK.

Not sure if the RED507 is effectively "passive", thus transparent, or if it's got a microcontroller to regenerate the clock etc., but the lid is only screwed on with four screws, so it would be the work of moments to find out if you had one to hand.
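The comments above cover the physical layer of an optical one-way link; whatever sits either side of the TOSLINK fibre still has to cope with the fact that nothing flows back. The block below is an added example, not anything from the thread or from a RED507, and its framing format is made up for illustration. It shows the two halves a serial data diode needs in software: the sender numbers and checksums each frame and repeats it, since it can never be asked to retransmit; the receiver rejects corrupt copies, ignores duplicates, and reports the sequence numbers it never got a clean copy of. The lossy channel is a constructed simulation.

```python
"""Framing for a one-way (data diode) serial link.

Added example, not from the thread. Wire format (made up here):
  magic(2) | seq(2) | total(2) | len(2) | payload | crc32(4)   all big-endian
"""
from __future__ import annotations

import struct
import zlib

MAGIC = b"\xa5\x5a"
HEADER = struct.Struct(">2sHHH")   # magic, sequence number, total frames, payload length
CRC = struct.Struct(">I")


def frame(seq: int, total: int, payload: bytes) -> bytes:
    body = HEADER.pack(MAGIC, seq, total, len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body))


def send(data: bytes, chunk: int = 64, repeat: int = 3) -> list[bytes]:
    """Number the chunks and emit the whole set `repeat` times.

    Repeating the set rather than each frame back-to-back means a burst error
    on the fibre does not take out every copy of the same frame.
    """
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    frames = [frame(i, len(chunks), c) for i, c in enumerate(chunks)]
    return frames * repeat


def parse(raw: bytes):
    """(seq, total, payload) for a well-formed frame, else None."""
    if len(raw) < HEADER.size + CRC.size:
        return None
    magic, seq, total, length = HEADER.unpack_from(raw)
    if magic != MAGIC or len(raw) != HEADER.size + length + CRC.size:
        return None
    body, (crc,) = raw[:-CRC.size], CRC.unpack(raw[-CRC.size:])
    if zlib.crc32(body) != crc:
        return None
    return seq, total, raw[HEADER.size:HEADER.size + length]


def receive(stream) -> tuple[bytes, list[int], int]:
    """Reassemble the transfer: (data, sequence numbers never received, frames rejected)."""
    got, total, rejected = {}, None, 0
    for raw in stream:
        parsed = parse(raw)
        if parsed is None:
            rejected += 1          # corrupt or foreign frame: nobody to ask for a resend
            continue
        seq, total, payload = parsed
        got.setdefault(seq, payload)   # first clean copy wins; later copies are duplicates
    if total is None:
        return b"", [], rejected
    missing = [i for i in range(total) if i not in got]
    return b"".join(got.get(i, b"") for i in range(total)), missing, rejected


def lossy_channel(frames: list[bytes], drop_every: int, flip_every: int) -> list[bytes]:
    """Constructed simulation: drop every Nth frame, corrupt a payload byte in every Mth."""
    out = []
    for i, raw in enumerate(frames):
        if i % drop_every == drop_every - 1:
            continue
        if i % flip_every == flip_every - 1:
            raw = raw[:-5] + bytes([raw[-5] ^ 0xFF]) + raw[-4:]   # last payload byte flipped
        out.append(raw)
    return out


def demo() -> dict:
    data = bytes(range(256)) * 3   # constructed sample: 768 bytes, 12 frames of 64
    recovered, missing, rejected = receive(lossy_channel(send(data), drop_every=5, flip_every=7))
    return {"ok": recovered == data, "missing": missing, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The receiver's "missing" list is the only feedback a one-way link can offer, and it has to travel out of band (a person, or a separate diode pointing the other way); the repeat count is the trade-off between link bandwidth and how often that happens.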

It’s part of a larger plan to roll back the FCC’s oversight of network providers, ceding ground to the looser FTC oversight that currently enforces fair practices in most consumer goods.

“Chairman Pai believes that the best way to protect the online privacy of American consumers is through a comprehensive and uniform regulatory framework,” an FCC spokesperson said in a statement. “Therefore, he has advocated returning to a technology-neutral privacy framework for the online world.”
As if most consumer goods are allowed to record the exact position you take them to and everything you read or write on them, and phone it home to their manufacturer, who then sells it to marketers and foreign governments.
I guess Pai is okay with typewriters secretly recording everything you write[1] so it can be scraped and sold when you take it to be serviced, or with cars having 24/7 tracking beacons[2] to sell your geo-location information.

For the SD write-protect mechanism, that would require decapping and all that sort of thing. Not my area, since it's a very expensive hobby to set up a lab, and it requires a ton of certification and licenses to be able to purchase acid here simply to decap a chip.

Toggling DRM write-protect from TZ would mean the TZ's microkernel requires exploiting. It's theoretically possible if the microkernel for the TEE-OS has weaknesses.

@Clive Robinson: "I pointed out that the best thing to do..."
--Didn't really convince me at all. You were also implying opto-isolators are a "rarity" in industry? Phew, I don't know about that... just one industry is traffic lights. Estimates are of up to 312,000 traffic lights in the US alone, and each of those has up to 8 opto-isolators. I'm no gambler, I only make bets I know I'd win, and I'd bet there are bigger industries that use them too.

The difference is I demonstrated an easy build that a freshman engineer could build, with no attacks mentioned here besides end-run attacks, still not demonstrated though. And you can only somewhat describe what to do, with a lot of pitfalls and gotchas in learning about TOSLINK etc. Seems like more than you need to get the job done, so it's personal preference if you want more attack surface and work or not.